What CVS was doing was luring customers into enrolling in a program that offered cash prizes and other rewards on the condition that their medical privacy rights under HIPAA would be signed away, allowing CVS to do whatever it wanted with them.
More than one billion customer records at CVS Health were released to the public due to what experts believe was an accidental “cloud storage misconfiguration.”
Once again highlighting the serious risks involved with electronic medical records, a vendor of CVS Health apparently uploaded the records into the system without creating any type of password or authentication firewall, effectively exposing them all to the world.
Researchers say that the data points can easily be strung together to create an “extremely personal snapshot of someone’s medical situation. CVS Health is now on the hook for this massive breach of private medical records.